Cannot save chunks with <script> tags, even after turning off mod_security


I have a chunk that contains a script tag (for Google analytics). I can no longer save changes on that Chunk. I added

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off

To my .htaccess file but there is no change.

I also tried

SecRuleRemoveById 212340

But still no results.

I also contacted my host who also suggested the same thing.

Would anyone know what I could do?


MODX 2.5.7

Do you get an error message when you try to save?

Might be worth checking the server response in the Network tab on Chrome Dev Tools.

I wouldn’t think .htaccess would have any bearing on this. I’d check the dev tools console for errors when saving in the manager.

If you can save the chunk without the script tag, it almost certainly has to be a mod_security issue. Some hosts ignore any mod_security changes in .htaccess.

1 Like

OK I did some tests.

It appears that that Chunk will not save href or src.

My original Chunk contained a bunch of header items like:

	<script src="" integrity="sha384-vBWWzlZJ8ea9aCX4pEW3rVHjgjt7zpkNpZk+02D9phzyeVkE+jo0ieGizqPLForn" crossorigin="anonymous"></script>
    <link rel="stylesheet" href="" integrity="sha384-50oBUHEmvpQ+1lW4y57PTFmhCaXp0ML5d60M1M7uH2+nqUivzIebhndOJK28anvf" crossorigin="anonymous">
    <link href="styles_dist/css/main.css" rel="stylesheet">

If I remove anything containing href or src the Chunk saves.

I can paste in a blank tag like <link></link> and just bare URLs like but it wont save it they’re combined.

Really weird.

Yup it’ll definitely be modsecurity/firewall or similar on the server blocking those requests due to the content.